Key Facts

Remote From:

Anywhere

Full time

Senior (5-10 years)

English

Hard Skills

Other Skills

•
Collaboration
•
Communication
•
Problem Solving

Roles & Responsibilities

5+ years hands-on Azure infrastructure experience with enterprise customers (US/EMEA)
Proven track record delivering multi-region Azure deployments with DR/HA and Azure Landing Zone implementations
Security-focused architecture design and implementation (Zero Trust, NSG rules, Private Endpoints, Defender for Cloud, Entra ID/RBAC)
Infrastructure as Code expertise using Bicep and/or Terraform, modular patterns, scripting, and CI/CD pipelines

Requirements:

Design and implement enterprise Azure Landing Zone architectures, hub-spoke network topologies, multi-region HA, and disaster recovery following CAF and Zero Trust principles
Develop and enforce security architectures using NSG/Azure Firewall, Private Endpoints, Defender for Cloud, Front Door Premium with WAF, identity RBAC, and private DNS/VNet links
Lead hands-on IaC by building Bicep/Terraform modules, config-driven deployments, scripting, and CI/CD pipelines for infrastructure delivery
Lead customer engagement and end-to-end delivery from discovery through production deployment, including architecture reviews, security assessments, and delivery documentation

Spektra Systems

About Spektra Systems

Spektra Systems is an innovation leader in cloud computing products and services. Our mission is to enable people and businesses to achieve more with the help of effective technological solutions. Our four revolutionizing products are designed to help Cloud partners run and grow their businesses efficiently. a) CSP Control Center (www.cspcontrolcenter.com) Automating CSP business. Enabling growth. C3 streamlines the entire business & technical lifecycle for Microsoft CSP partners. The platform provides an effortless self-service experience that scales productivity and business development. b) CloudLabs (https://cloudlabs.ai/) Transforming virtual learning through immersive technology. CloudLabs is a self-service, end-to-end learning experience platform that delivers Microsoft Azure hands-on workshops at scale. Designed for training providers, ISV’s and system integrators, Cloudlabs has transformed the way cloud workshops and demonstrations are conducted. c) SaaSify (https://saasify.ai/) Helping ISVs and SaaS companies grow their business. SaaSify is a one-of-its-kind solution built to simplify, streamline and accelerate revenue growth on cloud marketplaces. The platform enables companies to optimize, list, sell and manage their software offerings — cost-effectively. d) Spektra Academy (https://spektraacademy.com/) Empowering individual learners through hands-on lab training and certification. Along with advanced solutions, we offer end-to-end services comprising advisory and consulting, product customization, and managed services. We’re headquartered in Seattle, the United States with offices in Canada, India, and Mexico and clients worldwide. Check us out at www.spektrasystems.com

Founded: 2018

Company size: 201 - 500

Website LinkedIn See all jobs →

Job description

This is a remote position.

Location: Currently remote; may transition to onsite in the future

About the Role : We're looking for a hands-on Senior Azure Infrastructure Architect to lead enterprise cloud architecture and infrastructure delivery. You'll design and implement secure, production-grade Azure environments following Azure Landing Zone patterns, Zero Trust security principles, and Infrastructure as Code best practices.

This role requires deep expertise in Azure networking, security architecture, and IaC automation. You'll own end-to-end infrastructure delivery—from architecture design through Bicep/Terraform implementation—for global enterprise customers. We need someone who can whiteboard a hub-spoke topology and then build it hands-on.

Key Responsibilities:

Architecture & Design

Design enterprise Azure Landing Zone architectures following Microsoft Cloud Adoption Framework (CAF)
Architect Hub-Spoke network topologies with proper IP addressing, subnetting, and VNet peering strategies
Design Zero Trust security models with defense-in-depth layering
Create multi-region, high-availability architectures with geo-replication and disaster recovery
Conduct infrastructure assessments and develop optimization strategies
Design cost-efficient architectures balancing security, performance, and budget

Security Architecture

Implement NSG-only or Azure Firewall-based security models with deny-by-default rules
Design Private Endpoint strategies for PaaS services (SQL, Storage, Key Vault, App Service)
Configure Microsoft Defender for Cloud across workload types (App Service, SQL, Storage, Key Vault, ARM)
Implement Azure Front Door Premium with WAF (OWASP 3.2, Bot Manager, geo-filtering, rate limiting)
Design identity solutions with Entra ID, Managed Identities, and RBAC least-privilege access
Configure Private DNS Zones and VNet links for private name resolution

Hands-on Implementation (Infrastructure as Code)

Develop and maintain Bicep/Terraform modules for reusable infrastructure patterns
Build modular IaC for: VNets, NSGs, Private Endpoints, Key Vaults, SQL Servers, App Services, Front Door, Storage Accounts
Implement configuration-driven deployments using centralized config files (config.json patterns)
Create PowerShell/Azure CLI deployment scripts with proper error handling and verification
Build phased deployment strategies with verification checkpoints
Implement diagnostic settings and Log Analytics integration across all resources

Compute & Data Platform

Deploy Azure App Service with VNet Integration, Private Link, and System-Assigned Managed Identity
Configure Azure SQL Hyper-scale with geo-replication, Private Endpoints, and Azure AD-only authentication
Implement Azure Storage with Private Endpoints (Blob, Queue, Table) and proper RBAC
Configure Application Insights and Log Analytics for observability
Deploy Azure Virtual Desktop (AVD) with Entra ID Join and automation run-books

Customer Engagement & Delivery

Lead technical architecture discussions with customer IT leadership
Own end-to-end project delivery from discovery through production deployment
Conduct infrastructure design reviews and security assessments
Create architecture documentation and operational runbooks
Manage customer expectations and project timelines

Requirements

Azure Networking & Security (Core Focus)

Hub-Spoke VNet topology design and implementation
NSG rules with Service Tags and deny-by-default patterns
Private Endpoints for all Azure PaaS services
Azure Front Door Premium with WAF configuration
VNet Peering (regional and cross-region)
Azure Private DNS Zones and VNet links
Zero Trust architecture principles and implementation

Identity & Access Management

Entra ID (Azure AD) for cloud identity
System-Assigned and User-Assigned Managed Identities
Azure RBAC with least-privilege role assignments
Key Vault with RBAC access model (not legacy access policies)
Conditional Access and MFA strategies

Infrastructure as Code (Hands-on Required)

Bicep (primary) or Terraform for Azure IaC
Modular IaC patterns with reusable modules
PowerShell scripting for deployment automation
Azure CLI for resource management and verification
Configuration-driven deployments (parameterized templates)
CI/CD pipelines for infrastructure (Azure DevOps, GitHub Actions)

Security & Governance

Microsoft Defender for Cloud (CSPM + workload protection plans)
Security architecture (defense-in-depth, threat modeling)
Regulatory compliance frameworks (ISO 27001, SOC 2, GDPR)
Azure Policy for governance and compliance enforcement
NSG Flow Logs and Log Analytics for security monitoring

Compute & Data Platforms

Azure App Service (Web Apps, VNet Integration, Private Link)
Azure SQL (Hyperscale, geo-replication, Private Endpoints)
Azure Storage (Blob, Queue, Table, Private Endpoints, RBAC)
Azure Virtual Desktop (Pooled, Entra ID Join, automation)
Application Insights and Log Analytics

Experience

5+ years hands-on Azure infrastructure experience
Proven track record with enterprise customers (US/EMEA)
Multi-region Azure deployments with DR/HA requirements
Azure Landing Zone implementations (greenfield or brownfield)
Security-focused architecture design and implementation
Cost optimization and FinOps experience
Team leadership or mentoring experience

Desired Qualifications : Certifications (Preferred)

Microsoft Certified: Azure Solutions Architect Expert
Microsoft Certified: Azure Administrator Associate
Microsoft Certified: Azure Security Engineer Associate
Azure Network Engineer Associate
HashiCorp Terraform Associate (if Terraform-focused)

What We're Looking For

A hands-on architect who understands that architecture diagrams must translate to working infrastructure. You should be comfortable switching between whiteboard design sessions and terminal-based IaC deployments. We value:

Security-first mindset: Every design decision considers Zero Trust principles
IaC discipline: Infrastructure exists as code, not click-ops
Verification rigor: You validate deployments, not assume success
Documentation: Architecture decisions and operational knowledge are captured
Practical problem-solving: You find solutions within budget and timeline constraints
Continuous learning: Azure evolves rapidly; so should you

About Spektra Systems

Spektra Systems is a cloud solutions and infrastructure specialist delivering enterprise transformation across Microsoft Azure, AWS, and modern workplace technologies. We partner with global enterprises on their digital transformation journeys.

Why Join Spektra Systems?

Work on cutting-edge technologies with global enterprise customers
Opportunity to work with emerging technologies like AI, ML, and Agentic AI
Remote-first culture with flexibility and work-life balance
Continuous learning and certification support
Collaborative environment with focus on innovation
Career growth opportunities in a rapidly expanding organization
Competitive compensation with performance-based incentives

If you're ready to take your career to the next level and make a real impact on customers' digital transformation journeys, we'd love to hear from you!

Ready to apply?

APPLY

Share ·